- By default, injected tokens are given an extended lifetime so they remain valid even after a new refreshed token is provided. The metric `serviceaccount_stale_tokens_total` can be used to monitor for workloads that are depending on the extended lifetime and are continuing to use tokens even after a refreshed token is provided to the container. If that metric indicates no existing workloads are depending on extended lifetimes, injected token lifetime can be...

            @Override
            public void onResponse(final RefreshResponse response) {
                if (logger.isDebugEnabled()) {
                    logger.debug(() -> "Refreshed " + stream(indices).get(stream -> stream.collect(Collectors.joining(", "))));
                }
            }

            @Override
            public void onFailure(final Exception e) {

* With this PR, kubectl and other RestClient's using the AuthProvider framework can make OIDC authenticated requests, and, if there is a refresh token present, the tokens will be refreshed as needed. ([#25270](https://github.com/kubernetes/kubernetes/pull/25270), [@bobbyrullo](https://github.com/bobbyrullo))

* Update cluster-proportional-autoscaler, etcd-empty-dir-cleanup, fluentd-gcp, and kube-addon-manager addons with refreshed base images containing fixes for CVE-2015-8271, CVE-2016-7543, CVE-2016-9841, CVE-2016-9843, CVE-2017-1000366, CVE-2017-2616, and CVE-2017-7507. ([#48011](https://github.com/kubernetes/kubernetes/pull/48011), [@ixdy](https://github.com/ixdy))

* Support secure etcd cluster for centos provider. ([#42994](https://github.com/kubernetes/kubernetes/pull/42994), [@Shawyeok](https://github.com/Shawyeok))

* Update to kube-addon-manager:v6.4-beta.2: kubectl v1.6.4 and refreshed base images ([#47389](https://github.com/kubernetes/kubernetes/pull/47389), [@ixdy](https://github.com/ixdy))

  private Set<DurationSpec> expireAfterWrites = Sets.newHashSet((DurationSpec) null);
  private Set<DurationSpec> expireAfterAccesses = Sets.newHashSet((DurationSpec) null);
  private Set<DurationSpec> refreshes = Sets.newHashSet((DurationSpec) null);
  private Set<Strength> keyStrengths = Sets.newHashSet((Strength) null);
  private Set<Strength> valueStrengths = Sets.newHashSet((Strength) null);

  @CanIgnoreReturnValue

     * @return True if the user's information is editable, false otherwise.
     */
    default boolean isEditable() {
        return false;
    }

    /**
     * Refreshes the user's information from the underlying data source.
     * @return True if refresh was successful, false otherwise.
     */
    default boolean refresh() {
        return false;
    }

        return duplicateHostBhv.selectByPK(id);
    }

    /**
     * Stores (inserts or updates) a duplicate host configuration.
     *
     * <p>This method immediately refreshes the index to ensure the change is visible.
     * If the configuration already exists (based on ID), it will be updated;
     * otherwise, a new configuration will be created.</p>
     *

        return dataConfigList;
    }

    /**
     * Deletes the specified data configuration from the system.
     *
     * <p>This operation permanently removes the data configuration and
     * immediately refreshes the index to ensure the change is visible.</p>
     *
     * @param dataConfig the data configuration to delete
     * @throws IllegalArgumentException if dataConfig is null

   * of refreshes are specified in {@link LoadingCache#refresh}, and are performed by calling {@link
   * CacheLoader#reload}.
   *
   * <p>As the default implementation of {@link CacheLoader#reload} is synchronous, it is
   * recommended that users of this method override {@link CacheLoader#reload} with an asynchronous
   * implementation; otherwise refreshes will be performed during unrelated cache read and write